IPsec between two 1.2beta1 down after two days.
-
Hi all:
I have a vpn between two 1.2b1 machines. The tunnel work well but after two day the tunnel goes down and don't up alone. I must to restart ipsec to work again.
I have read abotu this with two diferents machines (pfsense and openbsd I think) and talk about to activate the option "Prefer old IPsec SAs" in advanced menu.
There is a problem with 1.2b1? May be a hardware problem? Some experience? Ther is no way to up the tunnel alone without restart the ipsec?
Thanks.
-
try a recent 1.2rc2 snapshot
-
Uffff. Very dangerous in a running enviroment. Every time I have updated a version the tunnels don't work.
-
Depending on which 1.2b1 you have (whether a snapshot or the release version), there could be IPsec problems. I don't recall what versions had issues that far back.
The 1.2RC2 release, or current 1.2 snapshots, don't have any IPsec issues. I upgrade to snapshots a couple times a week, and other than the couple times in the past 6 months that IPsec has actually been broken, have never had any problems.
Typically when this happens, there's a mismatched timeout somewhere. Prefer old SA's shouldn't be used in this case.